#Privacy: New phishing campaign targets Apple customers

Scammers are trying to fool users into thinking their lost iPhone X has been found. 

According to reports, users are receiving text messages claiming that their lost “iPhone X 64GB Space Grey” has been found. The messages include an URL which supposedly shows the exact location of the phone. 

To seem legitimate, the recipient is addressed by their real name, the message is signed by “Apple Support”, and the link is “maps-icloud[.]com”, which of course is not a legitimate Apple or iCloud link. 

Researchers at KrebsOnSecurity found that the phishing domain is hosted on a Russian server, which also hosts other subdomains used in similar campaigns. 

“Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first forward slash (/),” wrote Krebs.

“The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name.”

Users are urged to disregard these SMS messages and avoid clicking links from unknown recipients. It is important to visit the site or service in question manually if users are unsure if the message is legitimate.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.